package org.smart4j.chapter1.plugin.security.password;

import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authc.credential.CredentialsMatcher;
import org.smart4j.chapter1.util.CodecUtil;

/**
 * @ClassName: MD5 密码匹配器
 * @Description:
 * @Author: LynnZou
 * @Date: 2017/5/31
 */
public class Md5CredentialMatcher implements CredentialsMatcher {

    @Override
    public boolean doCredentialsMatch(AuthenticationToken authenticationToken, AuthenticationInfo authenticationInfo) {
        //获取从表单提交过来的密码/明文/尚未通过MD5加密
        String submitted = String.valueOf(((UsernamePasswordToken)authenticationToken).getPassword());
        //获取数据中存储的密码,已通过MD5加密
        String encrypted = String.valueOf(authenticationInfo.getCredentials());
        return CodecUtil.md5(submitted).equals(encrypted);
    }
}
